CVE-2024-8215

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Payara Platform Payara Server (Admin Console modules) allows Remote Code Inclusion.This issue affects Payara Server: from 5.20.0 before 5.68.0, from 6.0.0 before 6.19.0, from 6.2022.1 before 6.2024.10, from 4.1.2.191.1 before 4.1.2.191.51.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:*
cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:*

History

16 Oct 2024, 17:58

Type Values Removed Values Added
First Time Payara payara
Payara
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.4
CPE cpe:2.3:a:payara:payara:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:payara:payara:*:*:*:*:community:*:*:*
References () https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2024.10.html - () https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%206.2024.10.html - Release Notes
References () https://docs.payara.fish/enterprise/docs/5.68.0/Release%20Notes/Release%20Notes%205.68.0.html - () https://docs.payara.fish/enterprise/docs/5.68.0/Release%20Notes/Release%20Notes%205.68.0.html - Release Notes
References () https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.19.0.html - () https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%206.19.0.html - Release Notes

10 Oct 2024, 12:56

Type Values Removed Values Added
Summary
  • (es) Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Payara Platform Payara Server (módulos de la consola de administración) permite la inclusión remota de código. Este problema afecta a Payara Server: desde 5.20.0 hasta 5.68.0, desde 6.0.0 hasta 6.19.0, desde 6.2022.1 hasta 6.2024.10, desde 4.1.2.191.1 hasta 4.1.2.191.51.

08 Oct 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-08 16:15

Updated : 2024-10-16 17:58


NVD link : CVE-2024-8215

Mitre link : CVE-2024-8215

CVE.ORG link : CVE-2024-8215


JSON object : View

Products Affected

payara

  • payara
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')